DuendeSoftware
diff --git a/‎.github/workflow-gen/Program.cs‎
Lines changed: 137 additions & 32 deletions b/‎.github/workflow-gen/Program.cs‎
Lines changed: 137 additions & 32 deletions
diff --git a/‎.github/workflow-gen/workflow-gen.csproj‎
Lines changed: 2 additions & 2 deletions b/‎.github/workflow-gen/workflow-gen.csproj‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/workflows/access-token-management-ci.yml‎
Lines changed: 46 additions & 51 deletions b/‎.github/workflows/access-token-management-ci.yml‎
Lines changed: 46 additions & 51 deletions
@@ -1,5 +1,22 @@
 using Logicality.GitHub.Actions.Workflow;
-using System.IO;
+
+Component[] components = [
+    new("ignore-this",
+        ["IgnoreThis"],
+        ["IgnoreThis.Tests"]),
+
+    new("access-token-management",
+        ["AccessTokenManagement", "AccessTokenManagement.OpenIdConnect"],
+        ["AccessTokenManagement.Tests"]),
+
+    new("identity-model", 
+        ["IdentityModel"],
+        ["IdentityModel.Tests"]),
+
+    new("identity-model-oidc-client",
+        ["IdentityModel.OidcClient", "IdentityModel.OidcClient.DPoP", "IdentityModel.OidcClient.IdentityTokenValidator"],
+        ["IdentityModel.OidcClient.Tests", "IdentityModel.OidcClient.DPoP.Tests", "IdentityModel.OidcClient.IdentityTokenValidator.Tests"])
+];
 
 void WriteWorkflow(Workflow workflow, string fileName)
 {
@@ -8,23 +25,15 @@ void WriteWorkflow(Workflow workflow, string fileName)
     Console.WriteLine($"Wrote workflow to {filePath}");
 }
 
-
-Component[] components = [ 
-    new("ignore-this", ["IgnoreThis"], ["IgnoreThis.Tests"]),
-];
-
-(string Key, string Value) EnvSecret(string key) => (key, $"${{secrets.{key}}}");
-
-
-foreach (var component in components)
+void GenerateCIWorkflow(Component component)
 {
     var workflow = new Workflow($"{component.Name}-ci");
-    var paths    = new[] { $".github/workflows/{component.Name}-ci", $"src/{component.Name}/**" };
+    var paths    = new[] { $".github/workflows/{component.Name}-**", $"src/{component.Name}/**" };
 
     workflow.On.WorkflowDispatch();
     workflow.On
         .Push()
-        .Branches("main");
+        .Paths(paths);
     workflow.On
         .PullRequest()
         .Paths(paths);
@@ -37,16 +46,60 @@ void WriteWorkflow(Workflow workflow, string fileName)
         .Job("build")
         .Name("Build")
         .RunsOn(GitHubHostedRunners.UbuntuLatest)
-        .Defaults().Run("pwsh", component.Name)
+        .Defaults().Run("bash", component.Name)
         .Job;
 
-    job.Step().ActionsCheckout();
+    job.Step()
+        .ActionsCheckout();
+
+    job.Step()
+        .ActionsSetupDotNet("8.0.x");
+
+    foreach (var testProject in component.Tests)
+    {
+        job.StepTestAndReport(component.Name, testProject);
+    }
+
+    job.StepInstallCACerts();
+
+    job.StepToolRestore();
+
+    foreach (var project in component.Projects)
+    {
+        job.StepPack(component.Name, project);
+    }
+
+    job.StepSign();
+
+    job.StepPush("MyGet", "https://www.myget.org/F/duende_identityserver/api/v2/package", "MYGET");
+
+    job.StepPush("GitHub", "https://nuget.pkg.github.com/DuendeSoftware/index.json", "GITHUB_TOKEN")
+        .Env(
+            ("GITHUB_TOKEN", "${{ secrets.GITHUB_TOKEN }}"),
+            ("NUGET_AUTH_TOKEN", "${{ secrets.GITHUB_TOKEN }}"));
+
+    job.StepUploadArtifacts(component.Name);
+
+    var fileName = $"{component.Name}-ci";
 
-    job.Step().ActionsSetupDotNet("8.0.x");
+    WriteWorkflow(workflow, fileName);
+}
+
+foreach (var component in components)
+{
+    GenerateCIWorkflow(component);
+}
+
+record Component(string Name, string[] Projects, string[] Tests);
+
+public static class StepExtensions
+{
+    public static Step IfRefMain(this Step step) 
+        => step.If("github.ref == 'refs/heads/main'");
 
-    foreach(var testProject in component.Tests)
+    public static void StepTestAndReport(this Job job, string componentName, string testProject)
     {
-        var path        = $"{component.Name}/test/{testProject}";
+        var path        = $"test/{testProject}";
         var logFileName = "Tests.trx";
         var flags = $"--logger \"console;verbosity=normal\" "      +
                     $"--logger \"trx;LogFileName={logFileName}\" " +
@@ -61,25 +114,77 @@ void WriteWorkflow(Workflow workflow, string fileName)
             .If("success() || failure()")
             .With(
                 ("name", "Test Report"),
-                ("path", $"{path}/TestResults/{logFileName}"),
+                ("path", $"{componentName}/{path}/TestResults/{logFileName}"),
                 ("reporter", "dotnet-trx"),
                 ("fail-on-error", "true"),
                 ("fail-on-empty", "true"));
     }
 
-    job.Step()
-        .Name("Install Sectigo CodeSiging CA certificates")
-        .Run("""
-sudo apt-get update
-sudo apt-get install -y ca-certificates
-sudo cp build/SectigoPublicCodeSigningRootCrossAAA.crt /usr/local/share/ca-certificates/
-sudo update-ca-certificates
-         
-""");
-    
-    var fileName = $"{component.Name}-ci-gen";
+    public static void StepInstallCACerts(this Job job)
+        => job.Step()
+            .Name("Install Sectigo CodeSiging CA certificates")
+            .IfRefMain()
+            .Run("""
+                 sudo apt-get update
+                 sudo apt-get install -y ca-certificates
+                 sudo cp build/SectigoPublicCodeSigningRootCrossAAA.crt /usr/local/share/ca-certificates/
+                 sudo update-ca-certificates
+                 """);
+
+    public static void StepToolRestore(this Job job)
+        => job.Step()
+            .Name("Tool restore")
+            .IfRefMain()
+            .Run("dotnet tool restore");
+
+    public static void StepPack(this Job job, string componentName, string project)
+    {
+        var path = $"{componentName}/src/{project}";
+        job.Step()
+            .Name($"Pack {project}")
+            .IfRefMain()
+            .Run($"dotnet pack -c Release {path} --no-build -o artifacts");
+    }
 
-    WriteWorkflow(workflow, fileName);
-}
+    public static void StepSign(this Job job)
+    {
+        var flags = "--file-digest sha256 "                                             +
+                    "--timestamp-rfc3161 http://timestamp.digicert.com "                +
+                    "--azure-key-vault-url https://duendecodesigning.vault.azure.net/ " +
+                    "--azure-key-vault-client-id 18e3de68-2556-4345-8076-a46fad79e474 " +
+                    "--azure-key-vault-tenant-id ed3089f0-5401-4758-90eb-066124e2d907 " +
+                    "--azure-key-vault-client-secret ${{ secrets.SignClientSecret }} "  +
+                    "--azure-key-vault-certificate CodeSigning";
+        job.Step()
+            .Name("Sign packages")
+            .IfRefMain()
+            .Run($"""
+                 for file in artifacts/*.nupkg; do
+                    dotnet NuGetKeyVaultSignTool sign \"$file\" {flags}
+                 done
+                 """);
+    }
 
-record Component(string Name, string[] Projects, string[] Tests);
+    public static Step StepPush(this Job job, string destination, string sourceUrl, string secretName)
+    {
+        var apiKey = $"${{ secrets.{secretName} }}";
+        return job.Step()
+            .Name($"Push packages to {destination}")
+            .IfRefMain()
+            .Run($"dotnet nuget push artifacts/*.nupkg --source {sourceUrl} --api-key {apiKey} --skip-duplicate");
+    }
+
+    public static void StepUploadArtifacts(this Job job, string componentName)
+    {
+        var path = $"{componentName}/artifacts/*.nupkg";
+        job.Step()
+            .Name("Upload Artifacts")
+            .IfRefMain()
+            .Uses("actions/upload-artifact@v4")
+            .With(
+                ("name", "Upload Artifacts"),
+                ("path", path),
+                ("overwrite", "true"),
+                ("retention-days", "15"));
+    }
+}
@@ -9,8 +9,8 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Logicality.GitHub.Actions.Workflow" Version="0.4.0" />
-    <PackageReference Include="Logicality.GitHub.Actions.Workflow.Extensions" Version="0.4.0" />
+    <PackageReference Include="Logicality.GitHub.Actions.Workflow" Version="0.5.0" />
+    <PackageReference Include="Logicality.GitHub.Actions.Workflow.Extensions" Version="0.5.0" />
   </ItemGroup>
 
 </Project>
@@ -1,89 +1,84 @@
-name: access-token-management\ci
-
-permissions:
-  contents: read
-  checks: write
-  packages: write
+# This was generated by tool. Edits will be overwritten.
 
+name: access-token-management-ci
 on:
   workflow_dispatch:
   push:
-    branches:
-    - main
     paths:
-    - .github/workflows/access-token-management-ci.yml
-    - access-token-management/*
+    - .github/workflows/access-token-management-**
+    - src/access-token-management/**
   pull_request:
     paths:
-    - .github/workflows/access-token-management-ci.yml
-    - access-token-management/*
-
+    - .github/workflows/access-token-management-**
+    - src/access-token-management/**
 env:
-  DOTNET_NOLOGO: true
+  DOTNETT_NOLOGO: true
   DOTNET_CLI_TELEMETRY_OPTOUT: true
-
 jobs:
   build:
     name: Build
     runs-on: ubuntu-latest
     defaults:
       run:
+        shell: bash
         working-directory: access-token-management
-        shell: pwsh
-    
     steps:
-    - uses: actions/checkout@v4
+    - name: Checkout
+      uses: actions/checkout@v4
       with:
         fetch-depth: 0
-
-    - uses: actions/setup-dotnet@v4
+    - name: Setup Dotnet
+      uses: actions/setup-dotnet@v4
       with:
-        dotnet-version: |
-          8.0.x
-
-    - name: Build
-      run: ./build.ps1
-
-    - name: Test report
-      id: test-report
+        dotnet-version: 8.0.x
+    - name: Test
+      run: dotnet test -c Release test/AccessTokenManagement.Tests --logger "console;verbosity=normal" --logger "trx;LogFileName=Tests.trx" --collect:"XPlat Code Coverage"
+    - id: test-report
+      name: Test report
+      if: success() || failure()
       uses: dorny/test-reporter@v1
-      if: success() || failure()    # run this step even if previous step failed
       with:
-        name: Test results
-        path: access-token-management/test/AccessTokenManagement.Tests/TestResults/Test.trx
+        name: Test Report
+        path: access-token-management/test/AccessTokenManagement.Tests/TestResults/Tests.trx
         reporter: dotnet-trx
         fail-on-error: true
         fail-on-empty: true
-
     - name: Install Sectigo CodeSiging CA certificates
-      run: |
+      if: github.ref == 'refs/heads/main'
+      run: |-
         sudo apt-get update
         sudo apt-get install -y ca-certificates
         sudo cp build/SectigoPublicCodeSigningRootCrossAAA.crt /usr/local/share/ca-certificates/
         sudo update-ca-certificates
-
-    - name: Sign
-      if: (github.ref == 'refs/heads/main')
-      env:
-        SignClientSecret: ${{ secrets.SignClientSecret }}
-      run: ./build.ps1 sign
-
+    - name: Tool restore
+      if: github.ref == 'refs/heads/main'
+      run: dotnet tool restore
+    - name: Pack AccessTokenManagement
+      if: github.ref == 'refs/heads/main'
+      run: dotnet pack -c Release access-token-management/src/AccessTokenManagement --no-build -o artifacts
+    - name: Pack AccessTokenManagement.OpenIdConnect
+      if: github.ref == 'refs/heads/main'
+      run: dotnet pack -c Release access-token-management/src/AccessTokenManagement.OpenIdConnect --no-build -o artifacts
+    - name: Sign packages
+      if: github.ref == 'refs/heads/main'
+      run: |-
+        for file in artifacts/*.nupkg; do
+           dotnet NuGetKeyVaultSignTool sign \"$file\" --file-digest sha256 --timestamp-rfc3161 http://timestamp.digicert.com --azure-key-vault-url https://duendecodesigning.vault.azure.net/ --azure-key-vault-client-id 18e3de68-2556-4345-8076-a46fad79e474 --azure-key-vault-tenant-id ed3089f0-5401-4758-90eb-066124e2d907 --azure-key-vault-client-secret ${{ secrets.SignClientSecret }} --azure-key-vault-certificate CodeSigning
+        done
     - name: Push packages to MyGet
-      if: (github.ref == 'refs/heads/main')
-      run: dotnet nuget push artifacts\*.nupkg -s https://www.myget.org/F/duende_identityserver/api/v2/package -k ${{ secrets.MYGET }} --skip-duplicate
-
-    - name: Push NuGet package to GitHub Packages
-      if: (github.ref == 'refs/heads/main')
-      run: dotnet nuget push artifacts\*.nupkg --source https://nuget.pkg.github.com/DuendeSoftware/index.json --api-key ${{ secrets.GITHUB_TOKEN }} --skip-duplicate
+      if: github.ref == 'refs/heads/main'
+      run: dotnet nuget push artifacts/*.nupkg --source https://www.myget.org/F/duende_identityserver/api/v2/package --api-key ${ secrets.MYGET } --skip-duplicate
+    - name: Push packages to GitHub
+      if: github.ref == 'refs/heads/main'
+      run: dotnet nuget push artifacts/*.nupkg --source https://nuget.pkg.github.com/DuendeSoftware/index.json --api-key ${ secrets.GITHUB_TOKEN } --skip-duplicate
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         NUGET_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-    - name: Upload artifacts
+    - name: Upload Artifacts
+      if: github.ref == 'refs/heads/main'
       uses: actions/upload-artifact@v4
-      if: (github.ref == 'refs/heads/main')
       with:
+        name: Upload Artifacts
         path: access-token-management/artifacts/*.nupkg
-        compression-level: 0
         overwrite: true
-        retention-days: 15
+        retention-days: 15